The following was recently published on Techdirt, although with a different title.

Regardless of what one thinks about the apparent result of the 2016 election, it will inevitably present a number of challenges for America and the world. As Mike wrote about last week, they will inevitably touch on many of the tech policy issues often discussed here. The following is a closer look at some of the implications (and opportunities) with respect to several of them, given the unique hallmarks of Trump and his proposed administration. Continue reading »

Questions #16 and #17 more specifically contemplate the effectiveness of the put-back process articulated at subsection 512(g). As explained in Section III.B this mechanism is not effective for restoring wrongfully removed content and is little used. But it is worth taking a moment here to further explore the First Amendment harms wrought to both Internet users and service providers by the DMCA.[1]

It is part and parcel of First Amendment doctrine that people are permitted to speak, and to speak anonymously.[2] Although that anonymity can be stripped in certain circumstances, there is nothing about the allegation of copyright infringement that should cause it to be stripped automatically. Particularly in light of copyright law incorporating free speech principles[3] this anonymity cannot be more fragile than it would in any other circumstance where speech was subject to legal challenge. The temptation to characterize all alleged infringers as malevolent pirates who get what they deserve must be resisted; the DMCA targets all speakers and all speech, no matter how fair or necessary to public discourse this speech is.

And yet, with the DMCA, not only is speech itself more vulnerable to censorship via copyright infringement claim than it would be for other types of allegations[4] but so are the necessary protections speakers depend on to be able to speak.[5] Between the self-identification requirements of subsection 512(g) put-back notices and the ease of demanding user information with subsection 512(h) subpoenas that also do not need to be predicated on actual lawsuits,[6] Internet speakers on the whole must fear the loss of their privacy if anyone dares to construe an infringement claim, no matter how illegitimate or untested that claim may be. Given the ease of concocting an invalid infringement claim,[7] and the lack of any incentive not to,[8] the DMCA gives all-too-ready access to the identities of Internet users to the people least deserving of it and at the expense of those who most need it.[9]

Furthermore, the DMCA also compromises service providers’ own First Amendment interests in developing the forums and communities they would so choose. The very design of the DMCA puts service providers at odds with their users, forcing them to be antagonistic their own customers and their own business interests as a condition for protecting those interests. Attempts to protect their forums or their users can expose them to tremendous costs and potentially incalculable risk, and all of this harm flows from mere allegation that never need be tested in a court of law. The DMCA forces service providers to enforce censorship compelled by a mere takedown notice, compromise user privacy in response to subsection 512(h) subpoenas (or devote significant resources to trying to quash them), and, vis a vis Questions #22 and 23, disconnect users according to termination policies whose sufficiency cannot be known until a court decides they are not.[10]

The repeat infringer policy requirement of subsection 512(i)(A) exemplifies the statutory problem with many of the DMCA’s safe harbor requirements. A repeat infringer policy might only barely begin to be legitimate if it applied to the disconnection of a user after a certain number of judicial findings of liability for acts of infringement that users had used the service provider to commit. But as at least one service provider lost its safe harbor for not permanently disconnecting users after only a certain number of allegations, even though they were allegations that had never been tested in a court consistent with the principles of due process or prohibition on prior restraint.[11]

In no other context would we find these sorts of government incursions against the rights of speakers constitutional, robbing them of their speech, anonymity, and the opportunity to further speak, without adequate due process. These incursions do not suddenly become constitutionally sound just because the DMCA coerces service providers to be the agent committing these acts instead.Continue reading »

Unlike Smith v. Obama and other similar cases, which argued that even collecting “just” telephonic metadata violated the Fourth Amendment, in Jewel the surveillance involved the collection of communications in their entirety. It didn’t just catch the identifying characteristics of these communications; it captured their entire substance.

The Electronic Frontier Foundation originally filed this case in 2008 following the revelations of whistleblower Mark Klein, a former tech at AT&T, that a switch installed in a secret room at AT&T’s facilities were diverting copies all the Internet traffic passing through their systems to the government. This, the EFF argued in a motion for summary judgment, amounted to the kind of “search and seizure” barred by the Fourth Amendment without a warrant.

Like in Smith v. Obama, this surveillance necessarily implicates the Sixth Amendment in how it violates the privacy of communications between lawyers and their clients. But because the surveillance involves the collection of the content of these communications it also inherently violates the Fifth Amendment right against self-incrimination as well.Continue reading »

In that case the Supreme Court held that it did not violate the Fourth Amendment for the government to acquire records of people’s calls. The government only violates the Fourth Amendment when it invades a “reasonable expectation of privacy society recognizes as reasonable” without a warrant. But how could there be an expectation of privacy in the phone number a person dialed, the Supreme Court wondered. How could anyone claim the information was private, if it had been voluntarily shared with the phone company? Deciding that it could not be considered private, the court therefore found that no expectation of privacy was being invaded by the government’s collection of this information, which therefore meant that the collection could not violate the Fourth Amendment.

The problem is, in the Smith v. Maryland case the Supreme Court was contemplating the effect on the Fourth Amendment raised by the government acquiring only (1) specific call information (2) from a specific time period (3) belonging only to a specific individual (4) already suspected of a crime. It was not considering how the sort of surveillance at issue in this case implicated the Fourth Amendment, where the government is engaging in the bulk capturing of (1) all information relating to all calls (2) made during an open-ended time period (3) for all people, including (4) those who may not have been suspected of any wrongdoing prior to the collection of these call records. What Smith is arguing on appeal is that the circumstances here are sufficiently different from those in Smith v. Maryland such that the older case should not serve as a barrier to finding the government’s warrantless bulk collection of these phone records violates the Fourth Amendment.

In particular, unlike in Smith v. Maryland, in this case we are dealing with aggregated metadata, and as even the current incarnation of the Supreme Court has noted, the consequences of the government capturing aggregated metadata are much more harmful to the civil liberties of the people whose data is captured than the Supreme Court contemplated back in 1979. In U.S. v. Jones, a Fourth Amendment decision issued in 2012, Justice Sotomayor observed that aggregated metadata “generates a precise, comprehensive record” of people’s habits, which in turn “reflects a wealth of detail about [their] familial, political, professional, religious, and sexual associations.” One of the reasons we have the Fourth Amendment is to ensure that these associations are not chilled by the government being able to freely spy on people’s private affairs. But when this form of warrantless surveillance is allowed to take place, they necessarily will be.

While it’s bad enough that any associations are chilled, in certain instances that chilling implicates other Constitutional rights. The amicus brief by the Reporters Committee for Freedom of the Press addressed how the First Amendment is undermined when journalists can no longer be approached by anonymous sources because, if the government can easily discover evidence of their conversations, the sources effectively have no anonymity and will be too afraid to reach out. Similarly, the brief I wrote discusses the impact on the Sixth Amendment right to counsel when another type of relationship is undermined by this surveillance: that between lawyers and their clients. Continue reading »

Have you met me? Are we acquainted, either in real life or in social media, or even just had a passing exchange at some point via email? If so, congratulations – you are now connected to a 9/11 mastermind, and the NSA probably knows it.

I am not, of course, a 9/11 mastermind, nor have I been personally acquainted with anyone who was. In fact, by the time I learned of this connection, 9/11 had long since happened and Mohamed Atta was long since dead. But I have a friend in Germany who has a friend who was at the same college in Hamburg that Atta attended, and now, by the NSA’s logic, we are all tainted by the association.

Which is complete and utter nonsense, of course. Mere acquaintance (even when not so attenuated) is not a proxy for influence. Even friendship itself is not a proxy for influence. Relationships between people are many and nuanced and the simple knowledge of one person by another (or even a close social or familial tie) in no way connotes endorsement of every, or even any, aspect of one’s life by the other. Unfortunately the NSA doesn’t seem to realize this (or, more likely, doesn’t care).

It’s also just as wrong to attempt to derive meaning from these connections because it turns out we are all connected. There is a reason we play “Six Degrees of Separation,” because it reveals the miracle of how upwards of seven billion people spread out on a planet surface of nearly 200 million square miles share this nonetheless pretty small world after all.

Obviously some people share in it more constructively than others. There are some who would choose to do violence to it. But not all of us, or even most of us, and in mapping all of our connections so indiscriminately we are all treated with the same suspicion and surveillance as the few actual bad actors. The NSA might argue that such surveillance of our interconnectivity is necessary to “discover and track” these bad actors, but by putting all of our lives under such scrutiny the NSA presumptively treats the innocent as equally guilty by association.

I was asked to write the “Posts of the Week” for Techdirt this past weekend and used it as an opportunity to convey some of the ideas I explore here to that audience. The post was slightly constrained by the contours of the project — for instance, I could only punctuate my greater points with actual posts that appeared on Techdirt last week — but I think they held together with coherence, and I appreciated the chance to reframe some of the issues Techdirt was already exploring in this way.

In any case, I’ve decided to cross-post my summary here, partly because I always like to host a copy of my guest blog posts on one of my sites, and partly because it gives me a chance to update and annotate those ideas further. Please do go visit Techdirt though, which was kind enough to ask me to do this, to read more about the items described below.Continue reading »

But even if these programs are consistent with either their enabling statutory language or previous Fourth Amendment case law, it is not at all clear that they are consistent with either the spirit or bare language of the Fourth Amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Over time, on a case by case basis specific to the facts before them, courts have whittled away at what we might understand the Fourth Amendment to protect. Which is unfortunate, because on its face it would appear to protect quite a bit of personal privacy from government intrusion, except under very narrow circumstances. But as we learn more about these surveillance programs we see how, even if “legal,” they intrude upon that privacy, and in a way that essentially destroys all vestiges of it for everyone, criminal (or foreign) or not.

While originally I intended this blog to focus only on issues where cyberlaw collided with criminal law, I’ve come to realize that this sort of analysis is advanced by discussion of the underlying issues separately, even when they don’t implicate either criminal law or even technology. For example, discussions about how copyright infringement is being criminally prosecuted is aided by discussion on copyright policy generally. Similarly, discussions about shield laws for bloggers are advanced by discussions of shield laws generally, so I’ve decided to import one I wrote recently on my personal blog for readers of this one:

Both Ken @ Popehat and “Gideon” at his blog have posts on the position reporter Jana Winter finds herself in. To briefly summarize, the contents of the diary of the alleged Aurora, CO, shooter ended up in her possession, ostensibly given to her by a law enforcement officer with access to it and in violation of judicial orders forbidding its disclosure. She then reported on those contents. She is not in trouble for having done the reporting; the problem is, the investigation into who broke the law by providing the information to her in the first place has reached an apparent dead end, and thus the judge in the case wants to compel her, under penalty of contempt that might include jailing, to disclose the source who provided it, despite her having promised to protect the source’s identity.

In his post Gideon make a compelling case for the due process issues at stake here. What’s especially notable about this situation is that the investigation isn’t just an investigation into some general wrongdoing; it’s wrongdoing by police that threatens to compromise the accused’s right to a fair trial. However you might feel about him and the crimes for which he’s charged, the very fact that you might have such strong feelings is exactly why the court was motivated to impose a gag order preventing the disclosure of such sensitive information: to attempt to preserve an unbiased jury who could judge him fairly, a right he is entitled to by the Constitution, irrespective of his ultimate innocence or guilt, which the police have no business trying to undermine.

Ken goes even further, noting the incredible danger to everyone when police and journalists become too chummy, as perhaps happened in the case here. Police power is power, and left unchecked it can often become tyrannically abusive. Journalists are supposed to help be that check, and when they are not, when they become little but the PR arm for the police, we are all less safe from the inherent danger that police power poses.

But that is why, as Ken and Gideon wrestle with the values of the First Amendment versus the values of the Fifth and Sixth the answer MUST resolve in favor of the First. There is no way to split the baby such that we can vindicate the latter interests here while not inadvertently jeopardizing these and other important interests further in the future.Continue reading »

This specific blog post has been prompted by news that the Department of Justice had subpoenaed the phone records of the Associated Press. Many are concerned about this news for many reasons, not the least of which being that this revelation suggests that, at minimum, the Department of Justice violated many of its own rules in how it did so (ie, it should have reported the existence of the subpoena within 45 days, maybe 90 on the outside, but here it seems to have delayed a year). The subpoena of the phone records of a news organization also threatens to chill newsgathering generally, for what sources would want to speak to a reporter if the government could be presumed to know that these communications had been taking place? For reasons discussed in the context of shield laws, reporters can’t do their information-gathering-and-sharing job if the people they get their information from are too frightened to share it. Even if one were to think that in some situations loose lips do indeed sink ships and it’s sometimes bad for people to share information, there’s no way the law can differentiate which situations are bad and which are good presumptively or prospectively. In order to for the good situations to happen – for journalists to help serve as a check on power — the law needs to give them a free hand to discover the information they need to do that.

But the above discussion is largely tangential to the point of this post. The biggest problem with the story of the subpoena is not *that* it happened but that, for all intents and purposes, it *could* happen, and not just because of how it affected the targeted journalists but because of how it would affect anyone subject to a similar subpoena for any reason. Subpoenas are not search warrants, where a neutral arbiter ensures that the government has a proper reason to access the information it seeks. Subpoenas are simply the form by which the government demands the information it wants, and as long as the government only has to face what amounts to a clerical hurdle to get these sorts of communications records there are simply not enough legal barriers to protect the privacy of the people who made them.Continue reading »

One of the cases I came across when I was writing an article about Internet surveillance was Deal v. Spears, 980 F. 2d 1153 (8th Cir. 1992), a case involving the interception of phone calls that was arguably prohibited by the Wiretap Act (18 U.S.C. § 2511 et seq.). The Wiretap Act, for some context, is a 1968 statute that applied Fourth Amendment privacy values to telephones, and in a way that prohibited both the government and private parties from intercepting the contents of conversations taking place through the telephone network. That prohibition is fairly strong: while there are certain types of interceptions that are exempted from it, these exemptions have not necessarily been interpreted generously, and Deal v. Spears was one of those cases where the interception was found to have run afoul of the prohibition.

It’s an interesting case for several reasons, one being that it upheld the privacy rights of an apparent bad actor (of course, so does the Fourth Amendment generally). In this case the defendants owned a store that employed the plaintiff, whom the defendants strongly suspected – potentially correctly – was stealing from them. In order to catch the plaintiff in the act, the defendants availed themselves of the phone extension in their adjacent house to intercept the calls the plaintiff made on the store’s business line to further her crimes. Ostensibly such an interception could be exempted by the Wiretap Act: the business extension exemption generally allows for business proprietors to listen in to calls made in the ordinary course of business. (See 18 U.S.C. § 2510(5)(a)(i)). But here the defendants didn’t just listen in to business calls; they recorded *all* calls that the plaintiff made, regardless of whether they related to the business or not, and, by virtue of being automatically recorded, without the telltale “click” one hears when an actual phone extension is picked up, thereby putting the callers on notice that someone is listening in. This silent, pervasive monitoring of the contents of all communications put the monitoring well-beyond the statutory exception that might otherwise have permitted a more limited interception.

[T]he [defendants] recorded twenty-two hours of calls, and […] listened to all of them without regard to their relation to his business interests. Granted, [plaintiff] might have mentioned the burglary at any time during the conversations, but we do not believe that the [defendants’] suspicions justified the extent of the intrusion.

[T]here is a vast difference between overhearing someone on an extension and installing an electronic listening device to monitor all incoming and outgoing telephone calls.

And so the defendants, hapless victims though they seemed to have been in their own right, were found to have violated the Wiretap Act.

But Deal v. Spears is a telephone case, and telephone cases are fairly straight forward. The statutory language clearly reaches the contents of those communications made with that technology, and all that’s really been left for courts to decide is how broad to construe the few exemptions the statute articulates. What has been much harder is figuring out how to extend the Wiretap Act’s prohibitions against surveillance to those communications made via other technologies (ie, the Internet), or to aspects of those communications that seem to apply more to how they should be routed than their underlying message. However privacy interests are privacy interests, and no amount of legal hairsplitting alleviates the harm that can result when any identifiable aspect of someone’s communications can be surveilled. There is a lot that the Wiretap Act, both in terms of its statutory history and subsequent case law, can teach us about surveillance policy, and we would be foolish not to heed those lessons.